Errata overview
Errata ID: 40
Date: 2017-07-20
Source package: libxml2
Fixed in version: 2.8.0+dfsg1-7~ucs3.3.56.201611091327
Description
This update addresses the following issues:
* dict.c in libxml2 allows remote attackers to cause a denial of
  service (heap-based buffer over-read and application crash) via an
  unexpected character immediately after the "<!DOCTYPE html"
  substring in a crafted HTML document. (CVE-2015-8806)
* libxml2 allows remote attackers to execute arbitrary code or cause
  a denial of service (memory corruption) via a crafted XML
  document. (CVE-2016-1762, CVE-2016-1833, CVE-2016-1834, CVE-2016-1835,
  CVE-2016-1837, CVE-2016-1838, CVE-2016-1839, CVE-2016-1840)
* The htmlParseNameComplex function in HTMLparser.c in libxml2 allows
  attackers to cause a denial of service (out-of-bounds read) via a
  crafted XML document. (CVE-2016-2073)
* The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and
  earlier, when used in recovery mode, allows context-dependent
  attackers to cause a denial of service (infinite recursion, stack
  consumption, and application crash) via a crafted XML
  document. (CVE-2016-3627)
* The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex
  functions in parser.c in libxml2 2.9.3 do not properly keep track
  of the recursion depth, which allows context-dependent attackers to
  cause a denial of service (stack consumption and application crash)
  via a crafted XML document containing a large number of nested
  entity references. (CVE-2016-3705)
* The xmlParseElementDecl function in parser.c in libxml2 before
  2.9.4 allows context-dependent attackers to cause a denial of
  service (heap-based buffer underread and application crash) via a
  crafted file, involving xmlParseName. (CVE-2016-4447)
* XML external entity (XXE) vulnerability in the
  xmlStringLenDecodeEntities function in parser.c in libxml2 before
  2.9.4, when not in validating mode, allows context-dependent
  attackers to read arbitrary files or cause a denial of service
  (resource consumption) via unspecified vectors. (CVE-2016-4449)
* When a specially crafted XML file is parsed by an application compiled
  against libxml2, this can cause the application to crash (no code
  execution, out-of-bounds read). (CVE-2016-4483)
* libxml2 in Apple iOS before 10, OS X before 10.12, tvOS before 10,
  and watchOS before 3 allows remote attackers to execute arbitrary
  code or cause a denial of service (memory corruption) via a crafted
  XML document. (CVE-2016-4658)
* The legacy xmlXPtrRangeToFunction could be abused to trigger a
  use-after-free error, with the potential for remote code
  execution. (CVE-2016-5131)
Additional notes
CVE ID: CVE-2015-8806
CVE-2016-1762
CVE-2016-1833
CVE-2016-1834
CVE-2016-1835
CVE-2016-1837
CVE-2016-1838
CVE-2016-1839
CVE-2016-1840
CVE-2016-2073
CVE-2016-3627
CVE-2016-3705
CVE-2016-4447
CVE-2016-4449
CVE-2016-4483
CVE-2016-4658
CVE-2016-5131
UCS Bug number: #41674